CVE-2023-3914 - OpenCVE

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/418115
https://hackerone.com/reports/2040822

History

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-840

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Business Logic Errors in GitLab	Incorrect User Management in GitLab
Weaknesses		CWE-286

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab:16.3.0::::enterprise:::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-09-29T06:02:21.304Z

Updated: 2024-10-03T06:23:12.878Z

Reserved: 2023-07-25T10:30:31.597Z

Link: CVE-2023-3914

Vulnrichment

Updated: 2024-08-02T07:08:50.677Z

NVD

Status : Modified

Published: 2023-09-29T07:15:13.380

Modified: 2024-10-03T07:15:14.560

Link: CVE-2023-3914

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3914", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-07-25T10:30:31.597Z", "datePublished": "2023-09-29T06:02:21.304Z", "dateUpdated": "2024-10-03T06:23:12.878Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.2.8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "16.3.5", "status": "affected", "version": "16.3", "versionType": "semver"}, {"lessThan": "16.4.1", "status": "affected", "version": "16.4", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-286", "description": "CWE-286: Incorrect User Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:12.878Z"}, "references": [{"name": "GitLab Issue #418115", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115"}, {"name": "HackerOne Bug Bounty Report #2040822", "tags": ["technical-description", "exploit", "permissions-required"], "url": "https://hackerone.com/reports/2040822"}], "solutions": [{"lang": "en", "value": "Upgrade to version 16.4.1, 16.3.5 or 16.2.8"}], "title": "Incorrect User Management in GitLab"}, "adp": [{"affected": [{"vendor": "gitlab", "product": "gitlab", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "16.2.8", "versionType": "semver"}]}, {"vendor": "gitlab", "product": "gitlab", "cpes": ["cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "16.3.0", "status": "affected", "lessThan": "16.3.5", "versionType": "semver"}]}, {"vendor": "gitlab", "product": "gitlab", "cpes": ["cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "16.4.0", "status": "affected", "lessThan": "16.4.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T13:49:27.658392Z", "id": "CVE-2023-3914", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T16:02:38.191Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.677Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", "name": "GitLab Issue #418115", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2040822", "name": "HackerOne Bug Bounty Report #2040822", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", "name": "GitLab Issue #418115", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2040822", "name": "HackerOne Bug Bounty Report #2040822", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.677Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3914", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T13:49:27.658392Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "vendor": "gitlab", "product": "gitlab", "versions": [{"status": "affected", "version": "0", "lessThan": "16.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*"], "vendor": "gitlab", "product": "gitlab", "versions": [{"status": "affected", "version": "16.3.0", "lessThan": "16.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*"], "vendor": "gitlab", "product": "gitlab", "versions": [{"status": "affected", "version": "16.4.0", "lessThan": "16.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:08:15.777Z"}}], "cna": {"title": "Incorrect User Management in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "0", "lessThan": "16.2.8", "versionType": "semver"}, {"status": "affected", "version": "16.3", "lessThan": "16.3.5", "versionType": "semver"}, {"status": "affected", "version": "16.4", "lessThan": "16.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 16.4.1, 16.3.5 or 16.2.8"}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", "name": "GitLab Issue #418115", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2040822", "name": "HackerOne Bug Bounty Report #2040822", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-286", "description": "CWE-286: Incorrect User Management"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:12.878Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3914", "state": "PUBLISHED", "dateUpdated": "2024-10-03T06:23:12.878Z", "dateReserved": "2023-07-25T10:30:31.597Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-09-29T06:02:21.304Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CC944069-5F94-4E2A-A13F-5D070BA4E5EB", "versionEndExcluding": "16.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects."}, {"lang": "es", "value": "Un error de l\u00f3gica de negocios en GitLab EE que afecta a todas las versiones anteriores a 16.2.8, 16.3 anterior a 16.3.5 y 16.4 anterior a 16.4.1 permite el acceso a proyectos internos. Una cuenta de servicio no se elimina cuando se elimina un espacio de nombres, lo que permite el acceso a proyectos internos."}], "id": "CVE-2023-3914", "lastModified": "2024-10-03T07:15:14.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-09-29T07:15:13.380", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2040822"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-286"}], "source": "cve@gitlab.com", "type": "Secondary"}]}